Computer misuse is often easier to recognize in particular instances than it is to specify in general, and is highly sensitive to experience and context. Nevertheless, few computer security technologies, if any, adequately utilize models of experience and context in defending against misuse. This research explores the thesis that many computer defenses can be dramatically improved, in both efficacy and usability, by modeling experience and context in a way that allows the models to become an integral element for defending the system. The interactions that can be modeled and potentially exploited are ubiquitous---they exist among persons (e.g., different user roles in access control), among computers and networks (e.g., what computers and networks typically correspond with what others), and even among attacks (e.g., what attacks realize the preconditions of others). Developing security technologies that better utilize such interactions forms the core of the research agenda in "security through interaction modeling" (STIM). This effort promises advances in diverse areas of security technology, such as attack traffic filtering, more usable authorization systems, and intrusion detection and response. A central goal of the STIM activity is education and outreach. Its efforts here include the construction of a security education portal and cybersecurity curricula for many education levels, ranging from children through college faculty.
